The following diagram illustrates the request sequence of an IdP-initiated SSO scenario that uses the resumePath:

Processing steps

  1. User logs in to a local application or domain through an identity-management system or some other authentication mechanism.
  2. User clicks a link or otherwise requests access to a protected resource located in the SP domain. The link or other mechanism invokes the PingFederate SSO service.
  3. PingFederate invokes the designated adapter's lookup method, including the resumePath parameter. In this example, the adapter determines there is not enough information and redirects the browser to the application server to fetch additional session information.
  4. The application server returns the session information and redirects the browser along with the returned information to resumePath URL.
  5. PingFederate generates a SAML assertion and sends the browser with the SAML assertion to the SP's SAML gateway.